Penetration Testing
Since 2013, we have been conducting professional penetration tests. All engagements are performed in accordance with international standards and backed by years of operational experience in penetration testing, red teaming, and offensive security. Originally rooted in the payment, finance, and banking sector, we bring extensive experience in highly regulated and security-critical environments.
As a specialized provider for professional penetration testing, we clearly distinguish between vulnerability scans and actual penetration testing. We do not sell automated scans as pentests. Our assessments are primarily manual and findings are evaluated in a risk-based manner from both a technical and business perspective. Looking for a professionally conducted penetration test with traceable results? Then binsec is your partner.
Contact us
More than 10 years of practical experience in penetration testing
Assessments performed exclusively by employed senior penetration testers
No subcontractors or external freelancers
Direct communication with the responsible senior penetration tester
Fully controlled in-house testing infrastructure, no cloud services used
Structured and reproducible testing approach
Identification of technical and business-relevant security risks
Risk-weighted vulnerability assessment or CVSS-based scoring
Detailed report including executive summary and technical documentation
Retesting of identified vulnerabilities included
Pentesting Areas
Web Application Pentesting
We perform penetration tests of web applications. The scope and complexity of a web application can range from a static web page to a multi-tenant application. This is also reflected in the size of the OWASP Testing Guide, which summarizes test methods for web applications on several hundred pages. We pentest a web application both with and without credentials. In order to efficiently detect errors in the authorization management of the web application, we request test accounts for each user role and, if applicable, for different tenants. During a penetration test we of course also test for typical attacks such as injection and XSS.
API Pentesting
We perform penetration tests of APIs and regularly test REST and XML APIs, for example. An API can be examined for vulnerabilities both as an independent test object in a penetration test and in combination with a front end. During the offer process we usually ask for some kind of API documentation or a description of the API's complexity in order to assess the time required for the penetration test. If a web application uses an API, we can also determine the available endpoints of that API as part of the penetration test. Typical API security vulnerabilities are, for example, input validation errors or inadequate authorization management.
Network Pentesting
In a penetration test against networks, the first step is to identify active IT systems and their services. Then the actual work begins - the search for vulnerabilities in the network. The test steps during a network penetration test cover a wide spectrum, since an IT infrastructure can consist of many different services. Outdated software and misconfigurations are just two of many causes behind a security gap in a network.
Medical Device Pentesting
We conduct penetration tests in order to comply with the Medical Device Regulation (MDR). The MDR requires verification and validation that medical products and software are secure. The Medical Device Coordination Group, in its guidance document on cybersecurity for medical devices, states that the primary means of security verification and validation is testing.
Android App Pentesting
We perform penetration testing of Android apps. If the application is not available through the Google Play Store, or you would like to have a different version tested, you need to send us the APK. Besides installing your Android app on a regular smartphone, we also install it on a rooted Android phone in order to be able to access the app's internal data storage, for example. We try to circumvent protective controls such as an implemented root detection or HTTP public key pinning in order to gain full control of the Android app's communication. Unless otherwise requested, we also include the app's connected API in our penetration test.
iOS App Pentesting
We perform penetration testing of iOS mobile apps. If the application is not available through the App Store, or you would like to have a different version tested, you need to send us the IPA. Besides installing your iOS app on a regular iPhone, we also install it on a jailbroken iPhone in order to be able to access the app's internal data storage, for example. We try to circumvent protective controls such as an implemented jailbreak detection or HTTP public key pinning in order to gain full control of the iOS app's communication. Unless otherwise requested, we also include the app's connected API in our penetration test.
How-To
Get a Pentest Offer
Get in touch
Get in touch with us, preferably via our contact form.
Let's talk
We will get back to you shortly to either schedule a call or provide more information via e-mail.
Receive the offer
Once we understand the scope and your requirements, we compile a comprehensive pentest offer and send it to you.
Sign it
If everything is fine, you sign the last page of our offer; otherwise we discuss the necessary adjustments.
Kick-Off and Planning
Now we plan the pentest: we agree on the execution period and schedule a kick-off call if necessary.
Executing the Penetration Test
We conduct the penetration test. We typically require a technical contact we can call or e-mail if we have any questions.
Reporting
We compile the pentest report and send it to you.
Re-Testing
Re-testing is free of charge if it can be performed remotely.
Talk now to our Pentest experts.
Contact us
OSCP, M.Sc. Security Management